Enter Promotional Code

If you have a Campaign Code such a Renewal Code, or a one-off Coupon Code for a particular promotion please enter below and click Submit. This page will be reloaded with your appropriate discount.

Campaign/Coupon Code:

SSL Certificate Type

Single Domain CertificateSecures a single Fully Qualified Domain Name such as www.globalsign.com or secure.globalsign.com

Wildcard SSL CertificateSecures all sub-domains on a single Fully Qualified Domain Name. e.g. the Certificate is issued to *.globalsign.com

Public IP Address SSL CertificateSecures a single publicly accessible IP Address such as 210.10.10.01

For Certificates issued to sites beginning with www (or * for Wildcards) we will add the non-www or non-* version of your domain as a SAN free of charge. Your Certificate will work for www.domain.com and domain.com.

Signing Algorithm

Please select the signing algorithms to be used by GlobalSign to sign your certificate.

SHA256SHA256

In compliance with industry standards we will stop accepting SHA-1 orders on December 14, 2015, and will not issue or reissue any SHA-1 certificates after December 31, 2015.

Certificate Transparency (CT)

This certificate will be compliant with the Certificate Transparency (CT) RFC as it will be posted to public CT logs. Proof of addition to these logs is included within the certificate in the form of a Signed Certificate Time-stamp (SCTs).

Extended Key Usage (EKU)

The EKU specifies what the keys in the SSL certificate can be used for. In order for a certificate to be used for SSL/TLS it must have Server Authentification. By defafult Client Authentication is also included. Please select the desired values from the list below based on your intended usage.

USAGE

NAME

OID

Any Extended Key Usage

anyExtendedKeyUsage

2.5.29.37.0

Server Authentication

id-kp-serverAuth

1.3.6.1.5.5.7.3.1

Client Authentication

id-kp-clientAuth

1.3.6.1.5.5.7.3.2

Code Signing

id-kp-codeSigning

1.3.6.1.5.5.7.3.3

Email Protection(S/MIME)

id-kp-emailProtection

1.3.6.1.5.5.7.3.4

IPSec End System

id-kp-ipsecEndSystem

1.3.6.1.5.5.7.3.5

IPSec Tunnel

id-kp-ipsecTunnel

1.3.6.1.5.5.7.3.6

IPSec User

id-kp-ipsecUser

1.3.6.1.5.5.7.3.7

Time Stamping

id-kp-timeStamping

1.3.6.1.5.5.7.3.8

OCSP Signing

id-kp-OCSPSigning

1.3.6.1.5.5.7.3.9

KDC Authentication

id-pkinit-KPkdc

1.3.6.1.5.2.3.5

Smart Card Logon

OID_KP_SMARTCARD_LOGON

1.3.6.1.4.1.311.20.2.2

IPSec IKE

id-kp-ipsecIKE

1.3.6.1.5.5.7.3.17

Certificate Trust List

msCTL

1.3.6.1.4.1.311.10.3.1

Microsoft Server Gated Crypto

msSGC

1.3.6.1.4.1.311.10.3.3

Encrypting File System

msEFS

1.3.6.1.4.1.311.10.3.4

Netscape Server Gated Crypto

nsSGC

2.16.840.1.113730.4.1

Key Archival

keyArchival

1.3.6.1.4.1.311.21.5

IKE Intermediate

ipsec_kp_ike_intermediate

1.3.6.1.5.5.8.2.2

Key Type

The Key Usage values listed in the next section depend on the type of key you will be including in your SSL certificate.

RSA

ECC (CSR required to enable)

Key Usage (KU)

The KU specifies how the keys in the certificate can be used and are defined in RFC 5280. The default values and options listed below depend on the Key Type selected above. We recommend keeping the default values checked or you may not be able to use your SSL/TLS certificate.

USAGE

NAME

BIT Position

Digital Signature

digitalSignature

0

Non Repudiation

nonRepudiation

1

Key Encipherment

keyEncipherment

2

Data Encipherment

dataEncipherment

3

Key Agreement

keyAgreement

4

Key Cert Sign

keyCertSign

5

DV_HIGH.inputProductionForm.ku.crlSign

crlSign

6

Encipher Only

encipherOnly

7

Decipher Only

decipherOnly

8

Validity Period

In order to comply with the industry phase out of SHA1 certificates, we can only offer a maximum validity period of 1 year.

30 day

$xxx

45 day

$xxx

90 day

$xxx

half year

$xxx

1 year

$xxx

2 year

$xxx

- MOST POPULAR- RECOMMENDED- MOST POPULAR- MOST POPULAR- MOST POPULAR- RECOMMENDED- RECOMMENDED

Add specific Subject Alternative Names (SANs)

Your Certificate will be issued to a specific Domain Name. When you buy a Certificate for www.yourdomain.com, we give you yourdomain.com as a free SAN. If you want to add further SANs and secure multiple sites, servers or IP addresses with a single Certificate, select Yes and enter the number of each SANs type you will add to the Certificate.

No

Yes

Add multiple domain namesSecure multiple Domain Names, they can be different to the Domain Names you will specify in the CSR

at $xxx each: 0

Add multiple domain names with wildcardSecure all sub-domains on a single Fully Qualified Domain Name. e.g. a SAN in the certificate contains *.ssl-globalsign.com

at $xxx each: 0

Add multiple subdomainsSecure subdomains of the Domain Name you will specify in the CSR

at $xxx each: 0

Add multiple public IP addressesAdd Public IP Addresses (must be publicly accessible and owned by the applicant organization)

at $xxx each: 0

Add multiple internal server names or internal IP addressesAdd Internal Addresses such as 10.10.10.01 or localhostAttention: Use of certificates containing non-unique such as reserved IP addresses or internal server names represent a risk to your environment and others. The support for issuance of certificates containing such names will be discontinued no later than November 1st 2015.

at $xxx each: 0

When a browser comes across a Certificate with SANs, it knows that the Certificate can be used to secure not just the primary domain to which it's been issued, but also whatever it finds in the SANs section. By adding SANs your Certificate can secure other server “names” such as other domain names, subdomains, IP addresses and internal server names.

Are you switching from a Competitor?

No, I am not switching

Yes, I am switching

If you are switching a current valid Certificate from a competitor, we place the remaining time on your current Certificate on your replacement GlobalSign Certificate. You may also add 30 more bonus days free of charge.

30 day bonus

A Renewal/Switching order may optionally add a bonus of 30 days to the certificate.

Yes, add a 30-day bonus to my certificate

Customize Expiration Date

Set a custom expiration date - $xxx

New! Unlimited Server Licenses.

Use your Certificate on as many physical servers, virtual servers or load balancers as needed with no additional fees.